Whether it’s from malicious code sent through an e-mail or an unauthorized user accessing company files, your network is vulnerable to attack. Your response to such incidents is critical. With this comprehensive guide, Douglas Schweitzer arms you with the tools to reveal a security breach, gather evidence to report the crime, and conduct audits to prevent future attacks. He also provides you with a firm understanding of the methodologies for incident response and computer forensics, Federal Computer Crime law information and evidence requirements, legal issues, and how to work with law enforcement.

You’ll learn how to:

* Recognize the telltale signs of an incident and take specific response measures
* Search for evidence by preparing operating systems, identifying network devices, and collecting data from memory
* Analyze and detect when malicious code enters the system and quickly locate hidden files
* Perform keyword searches, review browser history, and examine Web caches to retrieve and analyze clues
* Create a forensics toolkit to prop-erly collect and preserve evidence
* Contain an incident by severing network and Internet connections, and then eradicate any vulnerabilities you uncover
* Anticipate future attacks and monitor your system accordingly
* Prevent espionage, insider attacks, and inappropriate use of the network
* Develop policies and procedures to carefully audit the system